1. Field of the Invention
The present invention concerns the administration, monitoring, repair and/or servicing of a computer-controlled system that is maintained with a remote system in communication with the system to be maintained. The system to be maintained is, among other things, designed for processing of access-protected data.
2. Description of the Prior Art
Primary application fields for the above type of system are medical systems that process data under data protection such as, for example, patient data. Other application fields are, for example, judicial systems, and access-protected client data or software systems in banking that administer or process client data.
In such systems, the problem generally exists that the securing measures inside the system, which securely prevent unauthorized access to these data from outside, must be maintained. During maintenance, access to the system from outside necessarily ensues, and this must naturally be access to the complete system. A security breach is thereby created since, for example, the service technician could retrieve all or specific patient data in the scope of his or her maintenance activity.
This problem has conventionally been addressed by the use of a so-called four-eyes principle. The four-eyes principle assumes that both an authorized employee of the system to be accessed and a service technician are present on site. All actions, in particular accesses, of the service technician are monitored by the employee. The employee limits or prevents unwanted or unauthorized accesses, if necessary manually and on a case-by-case basis.
This procedure has the disadvantage that the presence of at least two people is always necessary: the authorized employee of the system to be serviced and the service technician. Remote maintenance of the system thus has not been possible, or possible only with clear and unacceptable security losses.
Furthermore, with the conventional procedure it was necessary that each individual action of the service technician be evaluated individually, and case-specifically, with regard to its security risk. This manual procedure runs the risk of an access being wrongly assessed as unremarkable although it may allow, perhaps indirectly, access to protected data. This manual determination of actions that need authorization and those that are unproblematic is error-prone. It is therefore desirable to provide a system in which the determination of the actions needing authorization ensues or can ensue in the preliminary stage and in which, on the other hand, the determination of the actions needing authorization ensues automatically.
Furthermore, the conventional procedure has the disadvantage that a very high attentiveness is demanded, on the part of the service technician but primarily on the part of the employee, since the employee must track nearly every step of the service technician. Since the latter is, however, for the most part superior to the normal user of the system with regard to computer or system-related capability, this supervision or monitoring was only possible in a very limited manner. It is generally an admitted fact that the purely passive monitoring of the work of another person is a very tiring job and requires a high degree of concentration. This fact also presents a high security risk. A short, inadvertent glance to the side by the employee is sufficient for the service technician to be able to transfer data unnoticed to a foreign system. A security risk thus existed in previous systems.